<?php  
require_once('configure.php'); 
 
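/**
 * Write this month's birthday list to a per-user JSON cache file.
 *
 * Selects up to 12 random employees whose birth month is the current month,
 * skipping anyone listed in karyawan_disable or pemberhentian, and stores the
 * result as a JSON array in files/services/birthdate_<user_id>.json.
 *
 * @return bool true when the file was written, false when encoding or writing failed.
 */
function json_borthdate(){
	$query = "SELECT c.upload_path , a.karyawan_id , b.nama,b.tanggal_lahir FROM karyawan a 
	INNER JOIN biodata b ON b.biodata_id = a.biodata_id 
	INNER JOIN photo c ON b.biodata_id=c.biodata_id  
	WHERE MONTH(tanggal_lahir) = MONTH(NOW())
	AND a.karyawan_id NOT IN (select karyawan_id FROM karyawan_disable) 
	AND a.karyawan_id NOT IN (select karyawan_id FROM pemberhentian)
	ORDER BY rand() LIMIT 12";
	$result = my_query($query);

	$rows = array();
	while($row = my_fetch_array($result)){
		$rows[] = array(
			// Kept numeric so the field stays a JSON number, as the old hand-built output emitted it.
			'karyawan_id'   => (int) $row['karyawan_id'],
			'name'          => $row['nama'],
			'upload_path'   => $row['upload_path'],
			'tanggal_lahir' => $row['tanggal_lahir'],
		);
	}

	// json_encode() escapes quotes, backslashes and control characters. The previous
	// string concatenation produced broken (and attacker-shapeable) JSON as soon as a
	// name or upload path contained a double quote.
	$json = json_encode($rows);
	if ($json === false) {
		return false;
	}

	// The integer cast guarantees the session value cannot add path separators or
	// dots to the file name.
	$path = 'files/services/birthdate_'.(int) $_SESSION['user_id'].'.json';

	// Replaces the file in one call; the old unlink + fopen('a') + fwrite sequence
	// leaked the handle when fwrite() failed and returned an undefined variable.
	return file_put_contents($path, $json, LOCK_EX) !== false;
}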

/**
 * Record the current PHP session as the online session of a user.
 *
 * Updates the user's existing session_control row, or inserts one when the
 * user has none yet.
 *
 * @param mixed $user_id Identifier stored in session_control.user_id.
 */
function update_login_verification($user_id){
	$existing = my_get_data_by_id('session_control', 'user_id', $user_id);

	$fields = array();
	$fields['session_id']      = my_type_data_str(session_id());
	$fields['user_id']         = my_type_data_int($user_id);
	$fields['status_online']   = my_type_data_str('Y');
	$fields['datetime_update'] = my_type_data_function('NOW()');

	// No row yet for this user: create it and stop.
	if (!$existing) {
		my_insert_record('session_control', $fields);
		return;
	}

	my_update_record('session_control', 'user_id', $user_id, $fields);
}

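/**
 * Stamp user.last_login and append a row to user_logs for a successful login.
 *
 * @param mixed $user_id User identifier; coerced to an integer before use.
 * @return mixed Whatever my_insert_record() returns for the user_logs insert.
 */
function log_user_login($user_id){
	// The id is concatenated into the UPDATE below, so force it to an integer here.
	// The insert already treats it as one through my_type_data_int().
	$user_id = (int) $user_id;

	my_query('UPDATE user SET last_login =  NOW() WHERE user_id = '.$user_id.' LIMIT 1');
	$datas = array(
		'user_id'=> my_type_data_int($user_id),
		'datetime_added'=> my_type_data_function('NOW()'),
	);
	return my_insert_record('user_logs' , $datas);
}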

/**
 * Regenerate the per-employee JSON data for every active employee.
 *
 * An employee counts as active when it has a kekaryawanan row and appears in
 * neither karyawan_disable nor pemberhentian. Each id is handed to
 * create_data_karyawan_json().
 *
 * @return null Always NULL.
 */
function trap_karyawans_services(){
	$sql = " SELECT a.karyawan_id FROM karyawan a
			INNER JOIN kekaryawanan b ON b.karyawan_id = a.karyawan_id 
			WHERE  a.karyawan_id NOT IN (select karyawan_id FROM karyawan_disable)
			AND a.karyawan_id NOT IN (select karyawan_id FROM pemberhentian ) "; 
	$active = my_query($sql);

	for (;;) {
		$employee = my_fetch_array($active);
		if (!$employee) {
			break;
		}
		create_data_karyawan_json($employee['karyawan_id']);
	}

	return NULL;
}

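/**
 * Legacy username filter: lower-cases the value, strips a fixed list of SQL
 * keywords, trims it and applies addslashes().
 *
 * NOTE(review): keyword blocklists plus addslashes() are not a dependable
 * defence against SQL injection, and addslashes() is not character-set aware.
 * The filter also alters legitimate values that merely contain a listed word
 * (for example "pascal" becomes "pal"). The durable fix is to bind the value
 * as a parameter in the database layer. This function is kept only so that
 * existing callers keep receiving the same transformed value.
 *
 * @param mixed $user Raw value from the request.
 * @return string Filtered value, or '' when the input is not a scalar or
 *                contains no ASCII letter or digit.
 */
function anti_injection( $user  ) {
	$banlist = array (
		"insert", "select", "update", "delete", "distinct", "having", "truncate", "replace",
		"handler", "like", " as ", "or ", "procedure", "limit", "order by", "group by", "asc", "desc"
	);

	// A request field can arrive as an array (username[]=...); never pass that on.
	if (!is_scalar($user)) {
		return '';
	}
	$user = (string) $user;

	// eregi() was removed in PHP 7.0, so the old call is fatal on current PHP.
	// preg_match() with the /i flag performs the same "contains at least one
	// alphanumeric character" test.
	if (preg_match('/[a-z0-9]/i', $user) !== 1) {
		return '';
	}

	$user = trim(str_replace($banlist, '', strtolower($user)));

	return addslashes($user);
}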
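/**
 * Generate a captcha, remember it in $_SESSION['captcha'], send it to the
 * browser as a PNG image and terminate the request.
 *
 * The code is 6 upper-case hexadecimal characters with "0" replaced by "5".
 */
function load_captcha(){
	$width  = 80;
	$height = 20;
	$length = 6;

	// 80x20 palette image. The first colour allocated on a palette image becomes
	// its background, so this call is needed although $bg is never read again.
	$im        = imagecreate($width, $height);
	$bg        = imagecolorallocate($im, 128, 128, 128); // grey background
	$textcolor = imagecolorallocate($im, 250, 250, 255); // near-white text

	// The previous md5(rand(1,6000)) could only ever yield 6000 distinct codes,
	// drawn from a non-cryptographic generator. Use the CSPRNG where it exists
	// (PHP 7+); the fallback keeps older runtimes working with a wider space
	// than before.
	if (function_exists('random_bytes')) {
		$str_random = bin2hex(random_bytes(16));
	} else {
		$str_random = md5(uniqid(mt_rand(), true));
	}
	$str_captcha = strtoupper(substr($str_random, 0, $length));
	// Avoid the digit zero, which is easy to confuse with the letter O. Hex
	// output never contains "O", so the old O -> T replacement was a no-op.
	$str_captcha = str_replace("0", "5", $str_captcha);

	$_SESSION['captcha'] = $str_captcha;

	$col_poly = imagecolorallocate($im, 220, rand(100, 140), 200);

	// Noise lines. The count is drawn once instead of on every loop test.
	$line_count = rand(7, 20);
	for ($i = 0; $i <= $line_count; $i++) {
		@imageline($im, rand(-4, 3), 5 * $i, rand(80, 170), rand(4, 7) * $i, $col_poly);
	}

	// Write the code at the top left.
	@imagestring($im, 5, 0, 0, " ".$str_captcha, $textcolor);

	// The declared type and the encoder now agree: the header always said PNG
	// while imagejpeg() produced the body.
	header("Content-type: image/png");
	imagepng($im);
	exit;
}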

 

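// Captcha image request: load_captcha() sends the image and exits.
if(isset($_GET['captcha'])){
	load_captcha();
}

// Logout: drop the login marker, destroy the session, go back to the index.
if(isset($_GET['logout'])){ 
	unset($_SESSION['user_id']);
	session_destroy();

	my_direct("index.php");
}

// Already logged in: nothing to do on this page.
if(isset($_SESSION['user_id'])){
	my_direct("index.php");
}

$errormsg = false;
if( $_SERVER['REQUEST_METHOD'] == "POST" ){

	$captcha_expected = (isset($_SESSION['captcha']) && is_string($_SESSION['captcha'])) ? $_SESSION['captcha'] : '';
	$captcha_given    = (isset($_POST['capt']) && is_string($_POST['capt'])) ? $_POST['capt'] : '';

	// A captcha is valid for one attempt only. The form requests a fresh image
	// every time it is rendered, so nothing else has to regenerate it.
	unset($_SESSION['captcha']);

	// The old loose comparison accepted the request when neither side was set
	// (NULL == NULL) and compared numeric-looking strings as numbers. Require a
	// stored code and an exact string match.
	if($captcha_expected !== '' && $captcha_given === $captcha_expected){

		$raw_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
		$raw_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

		$username = str_replace(" ","",$raw_username); 
		$username = anti_injection( $username );

		// NOTE(review): stored passwords are unsalted MD5. Moving to
		// password_hash()/password_verify() needs a migration of the user table,
		// so the comparison is left as it was.
		$password = md5(trim($raw_password));

		// NOTE(review): this statement is still assembled by string interpolation
		// and relies on anti_injection() for the username. It should be converted
		// to a bound-parameter query once the database wrapper offers one.
		$query = "SELECT  user_id,level_id FROM user 
		WHERE  password='$password'  AND username ='$username' "; 
		$result = ($username !== '') ? my_query($query) : false;

		if($result && my_num_rows($result) > 0 ){
			if($row= my_fetch_array($result )){
				// Issue a new session id at the privilege change so an id that was
				// known before authentication is not carried into the logged-in
				// session. Done before update_login_verification(), which stores
				// session_id(). Assumes configure.php has started the session.
				session_regenerate_id(true);

				if($row['level_id']=='1')my_query("UPDATE opsi_seting SET value='0' WHERE name='kalkulasi' ");
				update_login_verification($row['user_id']);
				$_SESSION['user_id'] = $row['user_id'];
				log_user_login($row['user_id']);
				json_borthdate();

				trap_karyawans_services();

				// Follow the "pr" return address only when it is a local, relative
				// URL: no scheme, no host, no leading "//", no backslash or control
				// character. Anything else falls back to the index page.
				$target = 'index.php';
				if(isset($_GET['pr']) && is_string($_GET['pr']) && $_GET['pr'] !== ''){
					$candidate = $_GET['pr'];
					$parts     = parse_url($candidate);
					$is_local  = $parts !== false
						&& !isset($parts['scheme'])
						&& !isset($parts['host'])
						&& strncmp($candidate, '//', 2) !== 0
						&& !preg_match('/[\\\\\x00-\x1f]/', $candidate);
					if($is_local){
						$target = $candidate;
					}
				}
				my_direct($target);
			}
		}else{
			$errormsg = "Invalid Login!";
		}
	}else{
		$errormsg = "Invalid Code!";
	}
}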
?>
<html>
<head>
<title>HRIS :: RAHARJA MOTOR ID</title>
<style>
td{
	font-family:verdana;
	font-size:14px;
}
</style>
<link rel="icon" href="templates/hrisrskm/favicon.ico" type="image/x-icon">
<link rel="shortcut icon" href="templates/hrisrskm/favicon.ico" type="image/x-icon" />
</head>
<body style="background-color:#EFEFEF">
<div style="text-align:center;margin:auto;height:100%;">
<div style="margin:auto;width:680px;height:460px;background:url(<?php echo my_template_position();  ?>/login_view.jpg) no-repeat;">
<form method="POST">
<table width="100%" cellpadding="5" cellspacing="0" border="0">
<tr>
	<td colspan="2" align="right">&nbsp;</td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td> &nbsp;</td>
</tr> 
<tr>
	<td>&nbsp;</td>
	<td> &nbsp;</td>
</tr> 
<tr>
	<td>&nbsp;</td>
	<td> &nbsp;</td>
</tr> 
<tr>
	<td>&nbsp;</td>
	<td> &nbsp;</td>
</tr> 
<tr>
	<td>&nbsp;</td>
	<td><?php if($errormsg) echo '<font color="yellow"><b>'.$errormsg .'</b></font>';?>&nbsp;</td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td><b><font color="#fff">:: Login pengguna</font> </b></td>
</tr>
<tr>
	<td width="70%" align="right"><font color="#fff">USERNAME</font></td>
	<td width="30%"><input type="text" name="username" /> </td>
</tr>
<tr>
	<td width="70%" align="right"><font color="#fff">Password</font></td>
	<td width="30%"><input type="password" name="password" /> </td>
</tr>
<tr>
	<td width="70%" align="right"></td>
	<td width="30%">
	<table width="150px" border="0"><tr><td width="35%"><img src="login.php?captcha=<?php echo md5(rand(0,1000));?>" /></td>
	<td  width="62%">
	<input type="text" name="capt" style="width:60px;" /></td></tr></table></td>
</tr>
<tr>
	<td width="70%">&nbsp;</td>
	<td width="30%"><input style="background-color:red;color:#FFFFFF;width:120px;height:25px;" type="submit" value="Login" /> <input onclick="javascript:alert('HRIS :: PT Bersama Mamur Raharja , Ver 1.0 \n (c) Solusi Prima : 081410103999');" style="background-color:red;color:#FFFFFF;width:20px;height:25px;"  type="button" value="?" /></td>
</tr>
</table></form>
</div></div>
</body>

</html>